Backtrack:  
 
by lunarg on September 8th 2009, at 18:26

We had a bit of trouble with an Apache2 server, configured as a front-end proxy for a IIS running various different sites. The idea for this has grown because of the fact that our client had only one public IP address at the time, but had to run multiple sites. Rather than running the sites in IIS on different ports, we setup the Apache2 to proxy requests to the IIS back-end, so the sites were accessible by means of sub-urls.
E.g.:

http://myserver/mysubdomain1/ -> http://internal-ip:my-port/

For this, we used mod_proxy, and the ProxyPass and ProxyPassReverse.

The problem

Lately, our client complained of regular errors when surfing the sites. Apache2 would give HTTP error 502 (Bad gateway) on the page. During this, the error.log shows errors like:

[Sat Aug 2 13:16:25 2009] [error] [client 192.168.10.2] proxy: error reading
status line from remote server (null), referer: http://my-domain.be/

The cause

This behaviour was reported by other users, who had a similar setup. The common nominator was always the combination of IIS, and Apache as a proxy of it. There are many explanations available, the Apache's Bugzilla included, but I'll keep the explanation short.

There is a conflict between the HTTP Keep-alive of IIS and Apache2. IIS's implementation of HTTP keep-alive is the root of the errors our client was getting.

The solution

The only true and proper solution is to have Apache2, or rather mod_proxy effectively disable HTTP keep-alive. This can be done by adding additional configuration parameters in your Apache configuration.

Add these to the VirtualHost that's doing the proxying (i.e. where the ProxyPass and ProxyPassReverse directives are located.

        SetEnv           force-proxy-request-1.0 1
        SetEnv           proxy-nokeepalive       1
        SetEnv           proxy-initial-not-pooled 1

They are added inside the <VirtualHost> </VirtualHost> tags.
Additionally, in the same level as the SetEnv directives you've just added, check whether the timeout is also set:

        ProxyTimeout 600

Links

This solution has been tested with Apache2 on Debian Lenny 5.0 (security updates installed), with IIS on Windows 2008 Standard (all updates installed). I used the following links as reference:

 
 
« December 2024»
SunMonTueWedThuFriSat
1234567
891011121314
15161718192021
22232425262728
293031    
 
Links
 
Quote
« I needed a password with eight characters so I picked Snow White and the Seven Dwarves. »